Matanbuchus Malware Uses Google Drive Link in Phishing Attack

Matanbuchus Malware Attack Uses Google Drive

Matanbuchus Malware Uses Google Drive Link in Phishing Attack

You’ve probably never heard of Matanbuchus malware but you need to know about it and how it is using Google Drive and other legitimate infrastures to worm its way into your network. This cyber security risk first surfaced in February 2021, but recently, a cyber criminal used Google Drive to launch an attack that is significantly more difficult to detect than most others.

At its core, Matanbuchus  is malware-as-a-service (MaaS) that uses a contact form to infiltrate infrastructures. For instance, Matanbuchus uses Google Drive to download and run executable files without detection from command and control servers.  It delivers the malware loader with convincing social engineering tactics that trick users into thinking the malware file is part of their legitimate Google Drive infrastructure. 

In a June 2022 attack, the threat actor succeeded in hijacking a well-known school district’s teacher’s email thread and using it to leverage the teacher’s identity as well as the real school at which she worked as a way to avoid detection. The email thread was then used to deliver a compromised email through a legitimate domain, in this case Google Drive.

The cyber criminals used the multiple elements to create the appearance of legitimacy and fool targets while obfuscating the malware to bypass email security. Here is how it works:

  • You receive an email from a familiar domain, such as the teacher’s email or school district website.
  • The email contains a link from a legitimate infrastructure provider, such as Google Drive.
  • Clicking that link downloads the malware to your computer through coding that diverts the downloader from the legitimate location (Google Drive) to another location and file. 
  • Once the initial Matanbuchus malware is installed on your device, it can download other malware, as well.

In the recent incident reported by Abnormal, criminals impersonated the teacher and sent an email inviting members of a school community group to participate in a community meeting with a link to a document related to the event. The scam used the teacher’s email and school district name to seem credible and trick users. Using Google Drive (or another legitimate infrastructure) to deliver the link was an attempt to bypass email security rules. Once the link was clicked, a domino effect began with malicious files downloading from multiple domains to increase the download success.

Make sure your team knows not to trust email links simply because they look like they’re from someone they know or from a familiar infrastructure. This should be part of your overall phishing prevention and cyber security training.

Matanbuchus Malware and More

Intrust IT has been helping businesses with cyber security and managed IT support for decades. Contact us or book a no obligation meeting. We are here to help.

Posted in
Dave Hatter

Dave Hatter

Dave Hatter (CISSP, CCSP, CCSLP, CISA, CISM, PMP and ITIL) is a cyber security consultant, writer, educator and on-air media contributor. See hundreds of Dave’s expert interviews on cyber security on his YouTube channel, or tune in to 55KRC every Friday morning at 6:30 for his “Tech Friday” segment.

Share this Blog

Enterprise Password Management Promo Wide

Is Your Name or Birthday a Part of Your Password?

If so, you’re a part of the 59 percent of people who don’t follow proper password hygiene. More than 70 percent of passwords are used for more than one system, meaning if cybercriminals crack one, they can access a lot more accounts.

Our free Enterprise Password Management Guide will give you the best password hygiene practices to help you secure your computer and your business.

Download the Guide

Explore the Latest Trends in IT

Fundamentals of Information Technology Management - Intrust

IT 101: What Is Information Technology Management?

When was the last time you stopped to think about how your business relies on technology? Information technology management is...
Avoid Pig-Butchering - Intrust IT

Pig-Butchering Scams: What They Are and How to Stay Safe

At Intrust IT, we understand that it may feel like the specter of cybersecurity is always breathing down your neck....
3 Reasons to Replace Aging Equipment - Intrust IT

Three Compelling Reasons Your Company Should Replace Its Aging Computers Before Year-End

As the end of the year approaches, businesses everywhere are evaluating their budgets and looking for strategic opportunities to invest...
What are managed services - Intrust IT

What Are Managed Services? And What Are the Benefits?

Running a business in today’s tech-driven world means you need reliable IT infrastructure. But let’s be honest, managing IT in-house...
Windows 10 End of Life How This Could Impact Your Business - Intrust IT

Windows 10 End of Life: How It Could Impact Your Business

As Microsoft officially plans to end support for Windows 10 on October 14, 2025, businesses need to begin thinking ahead....
AI implementation Roadmap Intrust IT

Master AI Integration With Our AI Implementation Roadmap Guide

AI is one of the greatest technological breakthroughs of the last few years. It has become our handy assistant, data...